CVE-2023-53020

Summary

CVE-2023-53020 is a vulnerability affecting the Linux kernel's l2tp module. The issue lies in the function l2tp_tunnel_register(), where race conditions exist that can lead to inconsistencies and potential exploitation. Specifically, the code modifies a socket after publishing it, calls a function on an existing socket without locking, and changes the sock lock class on the fly, triggering syzbot reports. This vulnerability has been addressed by moving socket initialization code before publishing and under the sock lock, as well as switching to bh_lock_sock_nested(). The vulnerability could allow unauthorized access or denial of service.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.